What do we collect on children and how do we communicate this?
When we collect information from a child online through the Sites and Applications, we will keep that information for the purpose of providing the child access to the service. In the event we believe we have collected data on a child unlawfully, we will either delete the data immediately or request permission from the parent. We collect only the information required to provide the service to the child. The data we collect is:
Users can initiate registration with our Application to view Content (defined below), create programs, and engage in special features, among other activities. During the provisioning process, teachers will gain access to the site once added at the start date of the subscription by our Customer Success team. Students will not gain access until they have been validated by their teacher via .csv upload. The only required information for a student to have an account created is a school issued email address and first/last name. Names can be anonymous nicknames, if preferred. No other PII is required for SAM Studio for a student user. Teachers are required to validate all student accounts and grant them access to the services by rostering them in an active classroom. Any student that is not added to a class roster or is removed from the classroom will not have access to the services. The applications do not need PII to function; however, users are not forbidden from using PII for their own convenience (e.g., so a teacher’s class roster is easily decipherable to themselves.) If at any point you wish to remove your child’s access from our services, please contact your child’s teacher. If you wish to remove your child’s data from our systems entirely, please contact firstname.lastname@example.org.
We provide the ability for the user to share projects privately between student and teacher on our platform. When a user submits Content to the platform, that Content may include personal information, such as the user’s image, voice, or name. A user should not include personal information in Content they upload to the Applications. Examples of uploaded Content that may include personal information are projects, lessons, images, videos, comments, and questions & responses generated within the Applications. SAM Labs does not allow public access to any user-generated content. If unpermitted access is discovered, it should be reported to SAM Labs immediately; SAM Labs reserve the right to delete the projects. This is to ensure safety and privacy at all times.
Collecting Information Automatically
In the event SAM Labs wishes to collect personal information from a child online, for internal purposes, we will first seek a teacher’s consent by email. In the email, we will explain what information we are collecting, how we plan to use it, how the parent can provide consent, and how the parent can revoke consent. If we do not receive parental consent within a reasonable time, we will remove the parent contact information (unless the parent has separately signed up using that email address for marketing emails or has otherwise provided that information on another SAM Labs site or in connection with another SAM Labs service) and any other associated information from our active servers.
How is Content Shared?
By default, only a child’s teacher can view the Content submitted by the child. Children inside the classroom may not share Content publicly outside the classroom at this time.
Teacher, Instructor, Or Other Adult Consent In Lieu Of A Parent
With regard to school activities, COPPA allows teachers and school administrators to act in the stead of parents to provide consent for the collection of personal information from children. SAM Labs verifies the identity of teachers based on what the District Administrator or School Administrator provides in order to provision the subscription. For more information on parental rights with respect to a child’s educational record under the Family Educational Rights and Privacy Act (FERPA), please visit the FERPA site.
How We Use Your Child’s Information
We may use the child’s information to:
- operate and improve our Services
- provide the services you or your child request;
- improve the quality of our Services;
- understand you and your child’s preferences to enhance your experience of our Services;
- protect, investigate, and deter against fraudulent or illegal activity
We do not:
- permit behavioural targeting of advertisements towards children on the Services;
- sell any child’s information collected by the Services;
- create or keep student profiles for non-educational purposes.
Sharing Information with Third Parties
We may share, receive, or disclose information collected from users in a limited number of instances, including the below. The third parties with whom we contract share our commitment to our security and data retention principles.
- Our platform stores user data (e.g. programs, lessons, and other media) in AWS.
- If a user’s school district or educator uses Google Classroom, we may permit users to sign into the Application using a Google Classroom-connected account. For more information on the data collected by Google Classroom, please see the G Suite for Education Privacy Notice. We receive student email addresses, first and last names, and email address from Google Classroom. If a user or an instructor provides a user’s birthday or grade, we receive that information as well but do not use grade information. We use the information we receive from Google Classroom in accordance with Section 1 of this Policy, but not to advertise to users under 13 via email. Classroom also tells us the classes in which a student has enrolled; we use this information to sort students into the appropriate class. We do not share personal information back to Google Classroom.
- We may also share information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company. Any such transfer will require the receiver to uphold this Policy.
- We may disclose personal information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal information collected from children (i) in response to a law enforcement or government agency’s request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety, or protect the safety of a user of Services; (iii) to protect the security or integrity of our Services, and other technology, as well as the technology of our service providers; or (iv) to enable us to take precautions against liability.
Parental Choices and Controls
At any time, a verified parent can request to see the information on a child. We will also at the request of the parent delete any data, this can be done by emailing email@example.com.
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or allowed by law.
In addition to the retention policy above that applies to all users, we only keep a child’s personal information as long as necessary to deliver services or for school purposes, unless we are required by law to retain it.
Encryption, Retention, and Security
We use SSL to encrypt data in transit between your device and the Application servers. We encrypt passwords, but not other data, at rest. We use reasonable organizational, technical and administrative measures to protect Personal Information under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at: firstname.lastname@example.org.
Changes to this Policy; Notice
We may amend this Policy at any time by posting the amended version to the Site or by providing such notice or obtaining consent to changes as may be required by applicable law. For material changes in this Policy, we will email the last e-mail address you provided to us (if any) and/or prominently post notice of the changes on our Sites and Applications. Your continued use of the Services constitutes implied consent to such amended Policy.